Managing Director of CMG's Advanced Security Services, Richard Nethercott, says the loss of administrative control of company data and the increased liability introduced by outsiders acting as agents make for significant pitfalls in the utility computing model. To add to that, he warns that the global nature of computing means that companies outsourcing their requirements offshore could find that their data ends up under a different legal jurisdiction.

More domestically, there are immediate fears that if company data is stored remotely on large servers, it will be far less secure than if it were held internally behind the company's firewall. Capital One's Mark Drew, European Head of Information Security, says there are too many unanswered questions.

When it comes to in-house, he says, he can satisfy all of the concerns about access and the use of the system. Partitioning the servers used by several different companies is not necessarily an answer. It raises questions about network routing problems, service availability and who gets what share of resources.

Other commentators are more positive. Conxion Corporation's Phil Simmonds, Senior Director of Product Marketing, sees a number of reasons to conclude that utility computing will be secure. Unlike the enterprises they serve, Simmonds sees vendors having all of the available resources for security.

This, says Protek's Jeff Outram, Director of Network Security, may be no bad thing given that companies often put too much faith in firewalls when holding data in-house. He reminds that a basic lack of thought or knowledge in the design of the firewall rules can allow intruders to enter unhindered.

Fears about improperly partitioned servers may well be groundless in the face of developments in storage networking technology and standards. Energis' Ian Massingham, Director of Hosting, says that switch zoning and logical unit number (LUN) masking make it possible to share storage resources between organisations securely.

However, the Logical Group's Steve Salmon, security practice manager, sounds a warning that while it is easy for utility computing vendors to implement blanket security, their 'one size fits all' approach may not take into account the specific needs of your organisation. The answer to this, it is suggested, is to be quite clear and specific about what security you require and what risks are present.

Careful analysis to identify potential threats and the introduction of countermeasures to minimise risk are called for, says Jeff Williams, CISSP, Security Operations consultant at Premier & Alliance Support. About server partitioning, he says that all configurations have a degree of risk, however, he adds that it is feasible to set up secure shared servers to protect the information of several different companies.

Veritas' Greg Valdez, CIO, believes that if utility computing using shared servers relies on a private line, encryption and the services of a trustworthy vendor, there is no reason why partitioning cannot be made secure. Even so, he is clear about the risks of partitioned systems for storage. He simply would not want to share systems with anyone, regardless of how secure.

Maybe the best way to keep unauthorised people out of your mission-critical data is to put your utility computing vendor to the test. Insight Consulting's Piers Wilson, senior consultant, suggests using a specialist security organisation to provide an independent assessment of penetration testing of remotely accessed systems.

In selecting a utility computing partner, a total understanding and repeatable procedures for assessing the security issues are crucial. The Meta Group's Tom Scholtz, President of Global Networking, says that organisations must develop a repeatable procurement process to help in this vetting process. This, he adds, should include establishing documentation highlighting low, medium and high-level security concerns, as well as prioritisation of applications and environments so the most critical concerns only receive in-depth analysis.